Increasing threat from web based security attacks

Cyber-criminals use legitimate business sites as launching pads for attacks against consumers; literally turning businesses against their own customers in an ongoing effort to steal consumers' personal data.

"Cyber-criminals target businesses because they provide an easy target to launch attacks against anyone that visits the web," said Kris Lamb, Global Director and Senior Operations Manager, IBM X-Force. "This is one of the oldest forms of mass attack still in existence today and there are a number of simple steps that can be taken in ensuring better security for regional businesses, it is therefore surprising that cyber-criminals are still finding fruits from their efforts."

Also discussed during the IBM ISS X-Force Roadshow which kicked off today at the Sheraton Corniche Hotel in Abu Dhabi, were vulnerabilities, spam & phishing, malware and web-based security threats; a hot industry topic at present.

The aim of the roadshow is to better enable regional businesses to shore up their defences, discussing the X-Force report's main 2008 trends which show how criminals are targeting the masses through website attacks.

The first major trend discussed was that cyber criminals are mainly focused on attacking web applications so they can in turn infect end-user machines. Last year more than half of all vulnerabilities disclosed were related to web applications, and of these, more than 75% had no patch. By the end of 2008, the volume of attacks jumped to 30 times the number of attacks initially seen last summer.

Meanwhile, corporations are using off-the-shelf applications that are riddled with vulnerabilities or even worse, custom applications that can host numerous unknown vulnerabilities that can't be patched.

The second major trend discussed was that although attackers continue to focus on the browser and ActiveX controls as a way to compromise end-user machines and as a result gain valuable data, they are extending their focus to new attacks that link to malicious movies (for example, Flash) and documents (for example, PDFs). In the fourth quarter of 2008 alone, IBM X-Force traced more than a 50% increase in the number of malicious URLs hosting exploits than were found in all of 2007.

Even spammers are turning to known web sites for expanded reach, the technique of hosting spam messages on popular blogs and news-related websites more than doubled in the second half of this year.

"It is more essential than ever for customers to treat security and compliance as a top priority as cyber attacks become ever increasingly focused on revenue generation," said Sameh Farid, regional manager, Global Technology Services (GTS), IBM Middle East. "By offering customers smart solutions that give the ability to infuse continuous security testing into their web and application development, IBM is enabling regional businesses to reduce time and costs associated with security and to concentrate on their core business."

IBM is the world's leading provider of risk and security solutions. Clients around the world work with IBM to help reduce the complexities of security and strategically manage risk. IBM's experience and range of risk and security solutions are unsurpassed from dedicated research, software, hardware, services and global Business Partner value - helping clients secure business operations and implement company - wide, integrated risk management programs.